Moreover, even when office investigators did look into complaints, they failed to meet investigation documentation standards.

In addition, the office failed to comply with federal requirements for the three computer systems it used to support its investigations, and it failed to go through a formal risk management process for two of the three systems, officials said.

The office "focused on system operability to the detriment of system and data security," officials said.

"Exploitation of system vulnerabilities, normally identified through the risk management process, could impair OCR's ability to perform functions vital to its mission," officials said.

Sponsored Showcase

The Small Business Advisor, brought to you by BenefitsPro and sponsored by LegalShield Business Solutions was developed to educate and provide benefits brokers with the information they need to understand and serve the needs of small businesses.